问题
Reference: Power BI Sample Solution
I have moved the necessary code from the sample solution to my solution and its giving me the following error when authenticating:
AADSTS90002: Tenant authorize not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.
I am authenticating with these 2 lines:
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);
The error is occurring on the last line. Below are values in my web.config:
<add key="authorityUrl" value="https://login.windows.net/common/oauth2/authorize/" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />
Again, this works 100% in the sample app but not when I move to my app. Any ideas why ?
Thanks in advance for any help.
回答1:
So after some research I found that it was to do with the version of the following nuget packages:
Microsoft.IdentityModel.Clients.ActiveDirectory
Microsoft.PowerBI.Api
The following versions needed to be used:
Microsoft.IdentityModel.Clients.ActiveDirectory v3.13.9
Microsoft.PowerBI.Api V2.0.12
It seems it has something to do with the endpoints that are used. If you downgrade to the above versions(which are the same versions used in the sample tool provided), then it works.
The latest versions use something like this : https://login.microsoftonline.com/common/ where the versions provided in the same uses : https://login.windows.net/common/oauth2/authorize/
Once I "downgraded" my versions, it authenticated!
Hope this helps someone else.
回答2:
In my case instead of downgrading Microsoft.IdentityModel.Clients.ActiveDirectory, I changed the authentication endpoint from https://login.windows.net/{My tenant}/oauth2/tokento https://login.microsoftonline.com/{My tenant} which resolved the issue.
回答3:
Yes all the answer are correct, I just want to put some lights on the things like why it's working in low version and not in new version
As per the official doc this is a better authority validation update from microsoft
ADAL.NET 4.x is also less forgiving than ADAL 3.x when setting the authority in the constructor of AuthenticationContext. Valid authorities should be, in the case of Azure AD v1.0:
- https://login.microsoftonline.com/{Guid}, where the Guid is the tenant ID
- https://login.microsoftonline.com/domainName, where the domain name is a domain associated with your tenant
https://login.microsoftonline.com/common which, in the case of ADAL.NET means any Azure AD tenant (note that the meaning is
different in MSAL.NET)It cannot be https://login.microsoftonline.com/common/OAuth2/endpoint even if this for could have been wrongly accepted in ADAL 3.x
回答4:
Resolved by reverting the assembly "Microsoft.IdentityModel.Clients.ActiveDirectory" to Version=3.13.9.1126.
Using latest version of this assembly raised this issue. Version = 4.4.0.0
来源:https://stackoverflow.com/questions/53502733/powerbi-aadsts90002-tenant-authorize-not-found